Skip to content

[Cyber] War: how prepared is our critical infrastructure?

November 22, 2011

The apparent breach of control systems at an Illinois water treatment plant raises a number of questions about the preparedness of critical infrastructure, both in the United States and around the world, to resist malicious attacks. It also, sadly, demonstrates that the fears about the rise of advanced persistent threats by many in the security community were well founded. While reports suggest that this wasn’t a Stuxnet-style attack, it does demonstrate that attackers do seem to be zeroing in on infrastructure targets.

The attack is the first successful attack on a piece of US infrastructure – at least the first that we know about. Whether this is an isolated attack, or part of a more widespread cyber attack on US installations will only become clear over the coming days and weeks – needless to say there’ll be a few sleepless security analysts around the country this weekend!

One observation from the numerous reports is that, while the attack took place on November 8, the FBI and Department of Homeland Security still don’t know how the attack took place. And, that’s perhaps the most worrying part of the entire episode. While the FBI and DHS are still trying to figure out how the attack penetrated the environment and spread, they are unable to do anything to reduce the risk of another attack. While this might be OK for a utility water pump, what if the target were something more critical to national security?

This attack demonstrates the need to large organizations and government agencies to be able to identify an attack while it is in progress, understand how it is propagating within an environment and have enough information to be able to take action at that time. It’s further validation for our argument that the future is not SIEM but Situational Awareness – delivering a single pane of glass for all information security data that enables you to monitor your security posture in real-time.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: